FDA Compliance / Automation
Validation of Automated Systems for FDA Compliance
- Records submitted to FDA under predicate rules (even if such records are not specifically identified in agency regulations) in e-format (assuming the records have been identified in docket number 92S-0251 as the types of submissions the agency accepts in e-format ). But, a record, not itself submitted, but is used in generating submission, is not a part 11 record unless it’s otherwise needed to be maintained under a predicate rule and it’s kept in e-format.
- E-signatures that are intended to be the equivalent of handwritten signatures, initials and other general signings required by predicate rules. Part 11 signatures include e-signatures that are used, for example to document the fact that certain events or actions occurred in accordance with the predicate rule (e.g. approved, reviewed and verified).
Approach to Compliance to Part 11
FDA holds that decision to validate computerised systems, and the extent of the validation, take into account the impact the systems have on your ability to meet predicate rule requirements. One should also consider the impact those systems might have on the accuracy, reliability, integrity, availability and authenticity of needed records and signatures. Even if there’s no predicate rule requirement to validate a system, in few cases it may be important to validate the system.
The agency intends to exercise enforcement discretion regarding specific part 11 requirements related to computer generated, time stamped audit trails. Persons must still comply with all applicable predicate rule requirements related top documentation of, for example, date, time or sequencing of events, as well as any requirements for ensuring that changes to records do not obscure previous entries.
Even if there are no predicate rule requirements to document, for example, date, time or sequence of events in a particular instance, it may nonetheless be important to have audit trails or other physical, logical or procedural security measures in place to ensure the trustworthiness and reliability of the records. We recommend that you base your decision on whether to apply audit trails, or other appropriate measures, on the need to comply with predicate rule requirements, a justified and documented risk assessment, and a determination of the potential effect on product quality and safety and record integrity. We suggest that you apply appropriate controls based on such an assessment. Audit trails can be particularly appropriate when users are expected to create, modify or delete regulated records during normal operation.
What is the FDA Audit Trail Supposed to Do?
- To check application commitments and to verify authenticity and accuracy of data contained in submissions
- To assure that the product development was done justifying process attributes
- To ensure development facilities comply with GMP standards
- To ensure manufacturing facilities comply with GMP standards
- To ensure related controlled facilities (like water, clean steam, HVAC, gases, raw materials delivery, vendors etc.) comply with GMP standards
In the end, being prepared makes the differece – this is especially true in terms of auditing as the next paragraph shows.